[Git][security-tracker-team/security-tracker][master] Reserve DSA-4174-1 for corosync (CVE-2018-1084)

2018-04-16 Thread Sebastien Delafond
Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker Commits: 959cde3c by Sébastien Delafond at 2018-04-17T07:39:44+02:00 Reserve DSA-4174-1 for corosync (CVE-2018-1084) - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes:

[Git][security-tracker-team/security-tracker][master] Remove source package information for CVE-2018-1000166

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4cfc5933 by Salvatore Bonaccorso at 2018-04-17T07:23:35+02:00 Remove source package information for CVE-2018-1000166 Once properly rejected will move from RESERVED to REJECTED status. - - - - -

[Git][security-tracker-team/security-tracker][master] 2 commits: Take linux from dsa-needed list

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: be874d3d by Salvatore Bonaccorso at 2018-04-17T07:30:20+02:00 Take linux from dsa-needed list - - - - - 309f0d1e by Salvatore Bonaccorso at 2018-04-17T07:30:30+02:00 Add linux-tools to

[Git][security-tracker-team/security-tracker][master] Reference full commit ids for CVE-2018-0737

2018-04-16 Thread Salvatore Bonaccorso
) NOTE: https://www.openssl.org/news/secadv/20180416.txt - NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=6939eab03 - NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=349a41da1 + NOTE: OpenSSL_1_1_0-stable: https

[Git][security-tracker-team/security-tracker][master] remove undetermined freeipa entry

2018-04-16 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4aaa7f89 by Moritz Muehlenhoff at 2018-04-16T20:29:32+02:00 remove undetermined freeipa entry - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] cacti: note that CVE-2018-10059 does not affect stable and older

2018-04-16 Thread Paul Gevers
Paul Gevers pushed to branch master at Debian Security Tracker / security-tracker Commits: 4a86e02b by Paul Gevers at 2018-04-16T20:02:10+02:00 cacti: note that CVE-2018-10059 does not affect stable and older - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Update the status of gcc retpoline backporting in dla-needed.txt

2018-04-16 Thread Ben Hutchings
ersion as well? (buxy) + NOTE: 20180416: We're now working on adding gcc-4.9 instead of backporting + NOTE: 20180416: retpoline to older compiler versions. (benh) + NOTE: 20180416: The backported package will be renamed as it has to be + NOTE: 20180416: packaged differently to avoid conflicts wi

[Git][security-tracker-team/security-tracker][master] Add new openssl issue

2018-04-16 Thread Salvatore Bonaccorso
for next DSA and upstream release) + - openssl1.0 (low) + [stretch] - openssl1.0 (Can wait for next DSA and upstream release) + NOTE: https://www.openssl.org/news/secadv/20180416.txt + NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=6939eab03

[Git][security-tracker-team/security-tracker][master] Reserve DLA-1348-1 for patch

2018-04-16 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 79a53236 by Chris Lamb at 2018-04-16T12:11:08+01:00 Reserve DLA-1348-1 for patch - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Add note that the wheezy version of patch contains a testcase for CVE-2018-1000156.

2018-04-16 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 9abe7f40 by Chris Lamb at 2018-04-16T12:15:07+01:00 Add note that the wheezy version of patch contains a testcase for CVE-2018-1000156. - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] r-cran-readxl DSA

2018-04-16 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 633d1d31 by Moritz Muehlenhoff at 2018-04-16T20:56:40+02:00 r-cran-readxl DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2017-2826

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1219acd6 by Salvatore Bonaccorso at 2018-04-16T21:04:54+02:00 Add reference for CVE-2017-2826 - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] two gegl issues no-dsa

2018-04-16 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 72b4fde0 by Moritz Muehlenhoff at 2018-04-16T21:09:21+02:00 two gegl issues no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Update note for CVE-2018-10021

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 14347938 by Salvatore Bonaccorso at 2018-04-16T21:44:04+02:00 Update note for CVE-2018-10021 - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] automatic update

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a9ed6023 by security tracker role at 2018-04-16T20:10:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Reserve DLA-1349-1 for linux-tools

2018-04-16 Thread Ben Hutchings
} [wheezy] - patch 2.6.1-3+deb7u1 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -58,10 +58,6 @@ libvorbis linux (Ben Hutchings) NOTE: 20180416: This depends on gcc-4.9 and linux-tools updates

[Git][security-tracker-team/security-tracker][master] Update CVE-2018-384{8,9}/cfitsio

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6879f834 by Salvatore Bonaccorso at 2018-04-16T22:33:47+02:00 Update CVE-2018-384{8,9}/cfitsio - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] Note that I'm working on linux and linux-tools updates for wheezy

2018-04-16 Thread Ben Hutchings
for other CVEs applied upstream and in sid. (agx) -- -linux +linux (Ben Hutchings) + NOTE: 20180416: This depends on gcc-4.9 and linux-tools updates (benh) +-- +linux-tools (Ben Hutchings) + NOTE: 20180416: This needs to be updated to mark out-of-tree modules built + NOTE: 20180416: with retpoline

[Git][security-tracker-team/security-tracker][master] Associate #892458 with CVE-2018-38{6,8,9}/cfitsio

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5df14303 by Salvatore Bonaccorso at 2018-04-16T22:42:53+02:00 Associate #892458 with CVE-2018-38{6,8,9}/cfitsio CVE-2018-1000166 looks to be a duplicate of covering all those three CVEs. DWF

[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-0737

2018-04-16 Thread Salvatore Bonaccorso
) NOTE: https://www.openssl.org/news/secadv/20180416.txt NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit

[Git][security-tracker-team/security-tracker][master] Add CVE-2018-3846/cfitsio

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 690fc3e9 by Salvatore Bonaccorso at 2018-04-16T22:42:16+02:00 Add CVE-2018-3846/cfitsio - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] Update CVE-2017-2826 information

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dc117921 by Salvatore Bonaccorso at 2018-04-16T21:19:40+02:00 Update CVE-2017-2826 information - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10124

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 918a923a by Salvatore Bonaccorso at 2018-04-16T21:47:47+02:00 Add CVE-2018-10124 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f8247aa by Salvatore Bonaccorso at 2018-04-16T22:21:00+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fdaf72f9 by Salvatore Bonaccorso at 2018-04-16T22:53:32+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Add note for wordpress

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bdfffa69 by Salvatore Bonaccorso at 2018-04-16T09:45:46+02:00 Add note for wordpress - - - - - 1 changed file: - data/dsa-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Add preliminary information on two new libreoffice issues

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dd107217 by Salvatore Bonaccorso at 2018-04-16T10:18:46+02:00 Add preliminary information on two new libreoffice issues - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Take care of freeplane DSA prepared by Felix Natter

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 895f8003 by Salvatore Bonaccorso at 2018-04-16T09:14:54+02:00 Take care of freeplane DSA prepared by Felix Natter - - - - - 1 changed file: - data/dsa-needed.txt Changes:

[Git][security-tracker-team/security-tracker][master] automatic update

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cd64beed by security tracker role at 2018-04-16T08:10:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFU

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e15db75 by Salvatore Bonaccorso at 2018-04-16T10:12:50+02:00 Process NFU - - - - - 1d56ca33 by Salvatore Bonaccorso at 2018-04-16T10:13:46+02:00 Process more NFUs - - - - - 1 changed file:

[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-16645 as unimportant

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 467b8612 by Salvatore Bonaccorso at 2018-04-17T07:10:36+02:00 Mark CVE-2017-16645 as unimportant - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] 2 commits: claim a stab at qemu

2018-04-16 Thread Antoine Beaupré
Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker Commits: 037eeef8 by Antoine Beaupré at 2018-04-16T19:44:34-04:00 claim a stab at qemu - - - - - 773a11c5 by Antoine Beaupré at 2018-04-16T19:45:39-04:00 better path to patch upstream in CVE-2018-7550 - - -